Cloudflare ditches sites that use Coinhive mining code after classing it as malware
Bitcoin has been in the news for some time now as its value climbs and drops, but most recently interest turned to mining code embedded in websites. The Pirate Bay was one of the first sites to be seen using Coinhive code to secretly mine using visitors' CPU time, and then we saw similar activity from the SafeBrowse extension for Chrome.
The discovery of the code was a little distressing for visitors to the affected sites, and internet security and content delivery network (CDN) firm Cloudflare is taking action to clamp down on what it is describing as malware.
See also:
- The Pirate Bay is secretly running a Bitcoin miner in the background, increasing your CPU usage
- SafeBrowse Chrome extension found to be secretly mining for cryptocurrency
Torrent proxy site ProxyBunker.online has contacted TorrentFreak to say that Cloudflare has dropped it as a customer. The reason given for ProxyBunker's suspension is that the site has been using Coinhive code on several of the domains it owns.
The site tested using the miner for a few days before its domains were suddenly deleted from Cloudflare. After contacting the CDN provider, ProxyBunker was told:
Multiple domains in your account were injecting Coinhive mining code without notifying users and without any option to disabling [sic] the mining. We consider this to be malware, and as such the account was suspended, and all domains removed from Cloudflare.
The notification came in an email from Justin Paine, Head of Trust and Safety at Cloudflare, which ProxyBunker shared with TorrentFreak. The operator of the site disagrees with Cloudflare's decision, saying he did offer a way to disable the miner:
We were running the miner on our proxybunker.online domain using Coinhive's new Javacode Simple Miner UI that lets the user stop the miner at anytime and set the CPU speed it mines at.
Cloudflare said that it will remove the suspension, but each of the cancelled domains will need to be individually re-signed up. Paine added: "If we discover similar activity again the domains and account will be permanently blocked."
Image credit: Wit Olszewski / Shutterstock